Auto root login from serial console only

[Paul Beam]

Anyone know how to allow auto root login from the serial console without a password while still requiring a password for ssh?  This is really a worst case recovery type thing where someone changes the default password and forgets the new password.  Physical security should be adequate in this case.

[Robert Heller]

man getty

Specificly:

-a, --autologin username
Automatically log in the specified user without asking for a
username or password. Using this option causes an -f username
option and argument to be added to the /bin/login command line.
See --login-options, which can be used to modify this option's
behavior.

Note that --autologin may affect the way how agetty initializes
the serial line, because on auto-login agetty does not read from
the line and it has no opportunity optimize the line setting.

and also:

-l, --login-program login_program
Invoke the specified login_program instead of /bin/login. This
allows the use of a non-standard login program. Such a program
could, for example, ask for a dial-up password or use a differâ€
ent password file. See --login-options.

-o, --login-options "login_options"
Options and arguments that are passed to login(1). Where \u is
replaced by the login name. For example:

--login-options '-h darkstar -- \u'

See --autologin, --login-program and --remote.

Please read the SECURITY NOTICE below before using this option.

-p, --login-pause
Wait for any key before dropping to the login prompt. Can be
combined with --autologin to save memory by lazily spawning
shells.


systemd files of interest:

/etc/systemd/system/getty.target.wants/serial...@ttyGS0.service
/lib/systemd/system/serial-getty@.service

The former is a symlink to the second, but you don't want to mess with the
second, but instead copy the second to someplace
(/usr/local/lib/systemd/system/ probably) and modify it (maybe rename it to
/lib/systemd/system/serial-getty-root@.service) and then change the
/etc/systemd/system/getty.target.wants/serial...@ttyGS0.service symlink.

Robert Heller -- Cell: 413-658-7953 GV: 978-633-5364
Deepwoods Software -- Custom Software Services
http://www.deepsoft.com/ -- Linux Administration Services
hel...@deepsoft.com -- Webhosting Services

[Paul Beam]

Thanks.  That makes sense.  I was barking up the wrong tree and just totally forgot about getty.

[Paul Beam]

This is a tad more sinister than it appears.  In /etc/systemd/system/getty.target.wants/ are 3 files: ge...@tty1.service, serial-getty@.service, and serial...@ttyGS0.service.  I have changed them all, and none have had any impact.  A 'systemctl cat ge...@ttyGS0.service' shows the unchanged unit file /lib/systemd/system/getty@.service.    Although I did desire to not alter the original systemd unit file in /lib, I may need to do that and see if it makes a difference.

[Paul Beam]

The fix seems to be here:  https://unix.stackexchange.com/questions/401759/automatically-login-on-debian-9-2-1-command-line

Midway through the page someone was working with a serial instead of a virtual terminal.  I'm not exactly sure of the impact of the edit in the logind.conf file, but the combination shown there works.